1. Caddy version:
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
2. How I installed, and run Caddy:
Docker on Raspberry pi 3
a. System environment:
Raspberry pi 3 - Raspbian/Raspberry Pi OS Bullseye
b. Command:
Dockerfile
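# Build stage: compile a Caddy binary that bundles the Cloudflare DNS provider
# module, which the Caddyfile's `dns cloudflare` directive depends on.
# Pinned to the release reported in this post (v2.4.6) instead of the floating
# `builder` tag, so a rebuild cannot silently pull a different toolchain.
FROM caddy:2.4.6-builder AS builder

# The plugin is fetched at whatever version xcaddy resolves at build time.
# Append `@<plugin-version>` to the module path to pin it as well.
RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

# Runtime stage: the stock image with its binary replaced by the custom build.
# Pinned to the same release as the builder (was `caddy:latest`), so the image
# that terminates TLS on ports 80/443 only changes when this file changes.
FROM caddy:2.4.6

COPY --from=builder /usr/bin/caddy /usr/bin/caddy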
Build Docker image
# Build from the Dockerfile in the current directory; the compose file refers
# to the image by exactly this name and tag.
sudo docker build --tag caddy_cloudflare:1.5 .
Run Caddy
# Start the stack in the background using the compose file under caddy/.
docker compose --file caddy/docker-compose.yml up --detach
c. Service/unit/compose file:
# Compose definition for the custom-built Caddy image (caddy_cloudflare:1.5).
version: "3.8"

services:
  caddy:
    image: caddy_cloudflare:1.5
    container_name: caddy
    hostname: caddy
    restart: unless-stopped

    # Every variable in these files is injected into the container environment,
    # which is where the Caddyfile's {$NAME} substitutions are resolved from.
    env_file:
      # Path is relative to this compose file; presumably shared settings such
      # as DOMAIN / DOMAIN_LAN / IP_* (the file itself is not shown here).
      - ../.env
      # secret.env must define CLOUDFLARE_API_TOKEN.
      # Scope the token to the minimum the DNS challenge needs:
      #   Zone / DNS  / Edit
      #   Zone / Zone / Read
      # Keep this file out of version control and readable only by its owner.
      - ./secret.env

    # Published on all host interfaces: HTTP and HTTPS entry points.
    ports:
      - "80:80"
      - "443:443"

    volumes:
      # Site configuration, mounted read-only so the container cannot alter it.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Caddy's data directory: issued certificates and their private keys live
      # here, so treat the host-side ./data folder as sensitive.
      - ./data:/data
      # Caddy's config directory (autosaved copy of the running configuration).
      - ./config:/config
d. My complete Caddy config:
{
	# Global options.
	# `debug` switches the default logger to DEBUG level. The output is verbose,
	# so it is best left on only while troubleshooting.
	debug
}
# Externally accessible sites.
# Each hostname under {$DOMAIN} is forwarded to one upstream over plain HTTP.
# No `tls` block is given, so Caddy's default certificate automation applies.
# NOTE(review): nothing here restricts who may connect; access control is left
# entirely to each upstream application — confirm that is intended.

# --- Sigma host ---
home.{$DOMAIN} {
	reverse_proxy {$IP_SIGMA}:8123
}

# --- Omega host ---
music.{$DOMAIN} {
	reverse_proxy {$IP_OMEGA}:4533
}

watch.{$DOMAIN} {
	reverse_proxy {$IP_OMEGA}:8096
}

read.{$DOMAIN} {
	reverse_proxy {$IP_OMEGA}:5000
}

foundry.{$DOMAIN} {
	reverse_proxy {$IP_OMEGA}:30000
}

quest.{$DOMAIN} {
	reverse_proxy {$IP_OMEGA}:30001
}

audiobook.{$DOMAIN} {
	reverse_proxy {$IP_OMEGA}:13378
}
# Shortcodes: single-label names answered over plain HTTP only.
# Every name listed shares one site block that redirects the browser to the
# HTTPS site of the same name under {$DOMAIN_LAN}; {host} is the requested name.

# Sigma services
http://dashboard,
http://home,
http://portainer,
http://pihole,

# Dream Machine services
http://unifigui,
http://udm,

# Omega services
http://music,
http://watch,
http://audiobook,
http://read {
	redir https://{host}.{$DOMAIN_LAN}
}
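# Internal sites.
# One wildcard certificate covers every name under {$DOMAIN_LAN}; requests are
# then routed by Host header through the named matchers below.
*.{$DOMAIN_LAN} {
	# The wildcard certificate is obtained with the ACME DNS challenge through
	# the Cloudflare module compiled into this image.
	# NOTE(review): {$CLOUDFLARE_API_TOKEN} is substituted when the Caddyfile is
	# parsed, so the token value becomes part of the loaded configuration and
	# of anything that stores or prints it. The module's documented runtime
	# form, {env.CLOUDFLARE_API_TOKEN}, avoids that — confirm this build
	# supports it before switching.
	tls {$EMAIL_ADDRESS} {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
	}

	# --- Sigma services ---

	@heimdall host dashboard.{$DOMAIN_LAN}
	handle @heimdall {
		reverse_proxy {$IP_SIGMA}:8143 {
			transport http {
				# Upstream certificate verification is switched off, so the
				# proxy cannot tell the real service from anything else that
				# answers on this address. Trusting the upstream's certificate
				# instead (tls_trusted_ca_certs <path-to-upstream-ca.pem>)
				# keeps the hop encrypted and authenticated.
				tls_insecure_skip_verify
			}
		}
	}

	@home host home.{$DOMAIN_LAN}
	handle @home {
		reverse_proxy {$IP_SIGMA}:8123
	}

	@portainer host portainer.{$DOMAIN_LAN}
	handle @portainer {
		reverse_proxy {$IP_SIGMA}:9000
	}

	@pihole host pihole.{$DOMAIN_LAN}
	handle @pihole {
		# Requests for exactly "/" are sent to /admin; everything else is proxied.
		redir / /admin
		reverse_proxy {$IP_SIGMA}:8080
	}

	# --- Dream Machine services ---
	# Both names point at the same upstream; the verification caveat noted on
	# the dashboard upstream applies to each of them.

	@unifigui host unifigui.{$DOMAIN_LAN}
	handle @unifigui {
		reverse_proxy {$IP_UNIFI}:443 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}

	@udm host udm.{$DOMAIN_LAN}
	handle @udm {
		reverse_proxy {$IP_UNIFI}:443 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}

	# --- Omega services ---

	@navidrome host music.{$DOMAIN_LAN}
	handle @navidrome {
		reverse_proxy {$IP_OMEGA}:4533
	}

	@jellyfin host watch.{$DOMAIN_LAN}
	handle @jellyfin {
		reverse_proxy {$IP_OMEGA}:8096
	}

	@kavita host read.{$DOMAIN_LAN}
	handle @kavita {
		reverse_proxy {$IP_OMEGA}:5000
	}

	@audiobook host audiobook.{$DOMAIN_LAN}
	handle @audiobook {
		reverse_proxy {$IP_OMEGA}:13378
	}

	# Fallback for any other name under the wildcard: without it, a host that
	# matches no matcher above is answered with an empty response. Closing the
	# connection makes unconfigured names fail visibly.
	handle {
		abort
	}
}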
3. The problem I’m having:
I would like to split off some of my docker containers into a separate raspberry pi that maintains a stronger uptime than my other raspberry pi as it will host network critical docker containers (caddy, pihole, ddclient).
I wanted to know what hardware requirements i would need to get the best performance out of caddy. I only use it as a reverse proxy to connect services running on a couple home servers.
ddclient runs once every 5 minutes so its low overhead. Pihole is mostly just DNS so the network and hardware requirements are pretty low.
Idk how reverse proxies work exactly, but my intuition would like to believe that it doesn’t require all traffic to be routed through the reverse proxy, just traffic that creates the initial TCP connection between client and server (please correct me if i’m wrong, im mostly just making stuff up).
If the above is the case, then I don’t think I would need a super powerful Raspberry Pi or network speed, and could hopefully get away with a Raspberry Pi 2 which I have lying around (900MHz quad-core ARM Cortex-A7 CPU, 1GB RAM, 100Mbit ethernet).
But if caddy is more demanding than that (for instance, if truly all traffic is routed through the caddy pi) then i will purchase a newer raspberry pi 4 with some more RAM and full gigabit ethernet.
4. Error messages and/or full log output:
N/A
5. What I already tried:
N/A